JP7279899B2 - Data collection method, data collection apparatus, data collection device and computer readable storage medium - Google Patents

Description

TECHNICAL FIELD The present application relates to the field of computer security technology, and more particularly to a data collection method, data collection apparatus, data collection device and computer readable storage medium.

With the development of computer security technology, the research of trusted computing has received more and more attention, and remote attestation has become an important part of trusted computing. In order to perform remote attestation, a remote attestation server needs to collect data about network devices. Therefore, the data acquisition mode is of particular importance.

Related art provides a polling challenge-response mechanism during data collection. In this mechanism, a remote attestation server initiates a request, and the network device returns current authoritative information and current status based on the request.

Clearly, with the polling challenge-response mechanism, the network device will not respond until the server initiates the request. Therefore, this data collection mode is not flexible.

Embodiments of the present application provide a data collection method, a data collection apparatus and data collection device, and a computer-readable storage medium to solve the problems in the related art. Technical solutions are:

According to a first aspect, a data collection method is provided. The method applies to remote attestation processes. According to the method, a remote attestation server delivers the subscription configuration to the network device. Subscription configurations are used to subscribe to information related to remote attestations performed by network devices. A remote attestation server receives subscription information that is fed back by the network device based on the subscription configuration. The remote attestation server may deliver the subscription configuration to the network device, and the network device may automatically feed back subscription information based on the remote attestation server's subscription. Thus, the data collection modes of network devices in remote attestation are relatively flexible. In addition, data collection efficiency is improved by reducing redundant message exchanges as the remote attestation server does not have to deliver the subscription configuration multiple times.

Optionally, the method comprises the remote attestation server delivering the data processing parameters to the network device, the subscription information including information obtained after processing is performed based on the data processing parameters. , further comprising delivering. The data processing parameters are pre-delivered to the network device for use by the network device to feed back information. In this way, the number of interactions is reduced and data collection efficiency is improved.

Optionally, delivering the subscription configuration to the network device includes the remote attestation server establishing a network configuration protocol session with the network device and delivering the subscription configuration to the network device based on the network configuration protocol session. Including stages. Information subscription is implemented by using a network configuration protocol, which not only has a wide application scenario, but also inherits the advantages of the network configuration protocol, such as flexibility, high efficiency, advance notification and time validity. do.

According to a second aspect, a data collection method is provided. The method applies to a remote attestation process, the method comprises a network device receiving a subscription configuration delivered by a remote attestation server, the subscription configuration being a remote attestation performed by the network device. It includes a receiving step, which is used to subscribe to information related to the station. The network device feeds back subscription information to the remote attestation server based on the subscription configuration.

Optionally, the subscription configuration includes one or more of a data stream subscription configuration and an event subscription configuration.

Optionally, if the subscription configuration includes a datastream subscription configuration, feeding back the subscription information to the remote attestation server based on the subscription configuration comprises, based on the datastream subscription configuration:
software integrity information at each layer of the trust chain recorded when the network device is booted up;
operating system dynamic integrity information recorded as network devices operate;
dynamic software integrity information recorded as network devices operate;
Identity certificates associated with network devices; and
and feeding back to the remote server one or more of: remote attestation certificate information associated with the network device.

Optionally, if the subscription configuration includes an event subscription configuration, feeding back the subscription information to the remote attestation server based on the event subscription configuration includes: device boot event, device Information related to one or more of the following triggered events: upgrade events, specific mode attack events, master/slave switching events, board insertion/removal/switching events and certificate lifecycle events to a remote attestation server. Including the step of giving feedback.

Optionally, the subscription configuration further comprises a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back subscription information, the subscription mode is a periodic feedback-based subscription mode and an event including one or a combination of triggered feedback-based subscription modes;
Feeding back subscription information to the remote attestation server based on the subscription configuration includes:
and feeding back subscription information to a remote attestation server based on subscription modes included in the subscription configuration.

Optionally, the different types of information mentioned above correspond to different subscription modes.

Optionally, said subscription configuration further comprises a filter configuration, and the subscription information comprises information obtained after filtering is performed based on the filter configuration.

Optionally, the method comprises receiving data processing parameters delivered by a remote attestation server, wherein the subscription information includes information obtained after processing has been performed based on the data processing parameters. , further comprising receiving.

Optionally, receiving the subscription configuration delivered by the remote attestation server establishes a network configuration protocol session with the remote attestation server and, based on the network configuration protocol session, delivers the subscription configuration delivered by the remote attestation server. receiving a subscription configuration to be processed.

According to a third aspect, a data collection device is provided. An apparatus is used in a remote attestation process, the apparatus being a sending module configured to deliver a subscription configuration to a network device, the subscription configuration associated with the remote attestation being performed by the network device. and a receiving module configured to receive subscription information fed back by the network device based on the subscription configuration.

Optionally, the sending module is further configured to deliver the data processing parameters to the network device, and the subscription information includes information obtained after processing is performed based on the data processing parameters.

Optionally, the sending module is configured to establish a network configuration protocol session with the network device and deliver the subscription configuration to the network device based on the network configuration protocol session.

According to a fourth aspect, a data collection device is provided. An apparatus is used in a remote attestation process, the apparatus being a receiving module configured to receive a subscription configuration delivered by a remote attestation server, the subscription configuration being performed by a network device. It includes a receiving module used to subscribe to information related to remote attestation, and a transmitting module configured to feed back subscription information to a remote attestation server based on a subscription configuration.

Optionally, if the subscription configuration includes a data stream subscription configuration, the sending module, based on the data stream subscription configuration,
software integrity information at each layer of the trust chain recorded when the network device is booted up;
operating system dynamic integrity information recorded as network devices operate;
dynamic software integrity information recorded as network devices operate;
Identity certificates associated with network devices; and
configured to feed back to a remote server one or more of: remote attestation certificate information associated with the network device.

Optionally, if the subscription configuration includes an event subscription configuration, the sending module is configured to send device boot events, device upgrade events, specific mode attack events, master/slave switch events, board It is configured to feed back to the remote server information related to one or more of the triggered events of insertion/removal/switching events and certificate lifecycle events.

Optionally, the subscription configuration further comprises a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back subscription information, the subscription mode is a periodic feedback-based subscription mode and an event including one or a combination of triggered feedback-based subscription modes;
The sending module is configured to feed back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration.

Optionally, the receiving module is further configured to receive data processing parameters delivered by the remote attestation server, and the subscription information fed back by the sending module indicates that processing is performed based on the data processing parameters. contains information obtained after

Optionally, the receiving module is configured to establish a network configuration protocol session with a remote attestation server and receive a subscription configuration delivered by the remote attestation server based on the network configuration protocol session. .

According to a fifth aspect, a data collection device is provided. A device includes a memory and a processor. The memory stores at least one instruction, the at least one instruction loaded and executed by the processor to implement the method in any possible implementation of the first or second aspect of the present application.

According to a sixth aspect, a communication device is provided. The device includes a transceiver, memory, and a processor. The transceiver, memory, and processor communicate with each other through an interconnect channel. The memory is configured to store instructions. The processor is configured to execute instructions stored in memory to control the transceiver to receive signals and to control the transceiver to transmit signals. Additionally, when the processor executes the instructions stored in the memory, the processor is enabled to perform the method in any possible implementation of the first aspect or the second aspect.

Optionally, there are one or more processors and one or more memories.

Optionally, the memory may be integrated with the processor, or the memory and processor are separately located.

In a particular implementation process, the memory may be non-transitory memory such as read only memory (ROM). The memory and processor may be integrated into one chip or located on different chips. The type of memory and the mode in which the memory and processor are arranged are not limiting in the embodiments herein.

According to a seventh aspect, a communication system is provided. The system includes apparatus in the third aspect or any possible implementation of the third aspect and apparatus in the fourth aspect or any possible implementation of the fourth aspect.

According to an eighth aspect, a computer program (article of manufacture) is provided. A computer program (product) comprises computer program code which, when executed by a computer, enables the computer to perform the method in any possible implementation of the first aspect or the second aspect. be done.

According to a ninth aspect, a readable storage medium is provided. A readable storage medium stores a program or instructions. When the program or instructions are executed on the computer, the method in any possible implementation of the first aspect or the second aspect is performed.

According to a tenth aspect, a chip is provided that includes a processor. The processor is configured to recall and execute instructions stored in the memory from the memory, such that the communication device to which the chip is attached performs the method in any possible implementation of the first aspect or the second aspect. to run.

According to an eleventh aspect, another chip is provided that includes an input interface, an output interface, a processor, and a memory. The input interface, output interface, processor and memory are connected to each other through an internal connection channel. The processor is configured to execute the code in the memory, and when the code is executed the processor is configured to perform the method in any possible implementation of the first aspect or the second aspect. .

According to the technical solution in the embodiments of the present application, the remote attestation server delivers the subscription configuration to the network device, and the network device can automatically feed back the subscription information based on the subscription configuration, resulting in , security risks are reduced due to more flexible and timely data collection modes in remote attestation. In addition, data collection efficiency is improved by reducing redundant message exchanges as the remote attestation server does not have to deliver the subscription configuration multiple times.

FIG. 4 is a schematic diagram of a remote attestation process according to embodiments of the present application;

1 is a schematic diagram of an implementation environment according to embodiments of the present application; FIG.

FIG. 4 is a schematic diagram of a boot process according to embodiments of the present application;

FIG. 4 is a schematic diagram of a boot process according to embodiments of the present application;

FIG. 4 is a schematic diagram of a remote attestation process according to embodiments of the present application;

4 is a flowchart of a data collection method according to embodiments of the present application;

FIG. 3 is a schematic diagram of a tree structure of a configuration subscription data model according to embodiments of the present application;

1 is a schematic diagram of session interaction according to embodiments of the present application; FIG.

1 is a schematic diagram of session interaction according to embodiments of the present application; FIG.

4 is a schematic diagram of a tree structure of a dynamic subscription data model according to embodiments of the present application; FIG.

4 is a schematic diagram of a tree structure of a dynamic subscription data model according to embodiments of the present application; FIG.

1 is a schematic diagram of session interaction according to embodiments of the present application; FIG.

1 is a schematic diagram of session interaction according to embodiments of the present application; FIG.

4 is a schematic diagram of a tree structure of a dynamic subscription data model according to embodiments of the present application; FIG.

1 is a schematic structural diagram of a data collection device according to an embodiment of the present application; FIG.

1 is a schematic structural diagram of a data collection device according to an embodiment of the present application; FIG.

1 is a schematic structural diagram of a data collection device according to an embodiment of the present application; FIG.

1 is a schematic structural diagram of a communication device according to an embodiment of the present application; FIG.

The terminology used in the implementation of this application is only used to describe embodiments of this application and is not intended to limit this application.

In a trusted computing system, a root-of-trust (RoT) is first required to establish a trusted network system, and a chain of trust must be established. Thus, each module of the network system is trusted. Trust of the entire network system can then be established. This indicates that the root of trust must be a trustworthy component. Since the trusted platform module (TPM) and basic input/output system (BIOS) can generally be considered absolutely trusted, the root of trust is the TPM of each network device. and in the BIOS.

Trusted network devices are referred to as a root of trust for measurement (RTM), a root of trust for storage (RTS) and a root of trust for reporting (RTR). Contains three roots of trust. RTM is used to complete integrity measurements. Integrity measurements are typically completed by using a computing engine controlled by a core root of trust for measurement (CRTM). The CRTM contains the executable code used by the network device to perform the RTM, and the CRTM is typically stored in the BIOS. RTM is also a source of reliable transport. An RTS is an engine that maintains integrity digest values and digest sequences, and typically includes an engine and encryption keys for encrypting stored information. RTR is a computing engine that can reliably report data held by RTS. This authenticity is generally guaranteed by a signature.

Remote attestation (RA) is one of the techniques in the overall trusted computing solution, and RA is used to determine the trusted status of trusted servers. As shown in FIG. 1A, the remote attestation system includes an RA server, an RA client and a privacy certificate authority (PCA). The RA Server stores the baseline values for the RA Client's platform configuration register (PCR), is responsible for receiving PCR values sent by the RA Client, and provides the RA Client's trusted status. An RA client is a device that has a TPM and supports trusted boot functionality. The RA Client applies to and obtains from the PCA an attestation identity key (AIK) certificate assigned by the PCA. In some scenarios, the RA server initiates remote attestation to the RA client. The RA server sends a challenge request to the RA client. The RA client collects the PCR values, uses the AIK private key signature, and sends the AIK certificate and the PCR values obtained after the AIK private key signature is used to the RA server. The RA server verifies the validity of the AIK certificate sent by the RA client against the PCA. The PCA returns the PCR reference value corresponding to the RA client to the RA server. The RA server compares the PCR value sent by the RA client with the RA client's PCR reference value and determines the trusted status of the RA client based on the comparison result. In other words, the RA server determines whether the RA client is trustworthy.

In the implementation environment shown in FIG. 1B, the Trust Root proposed by the Trusted Computing Group (TCG) resides within the TPM is used as an example. A network management system (NMS) and/or operations support system (OSS) is used as an RA server and/or multiple RA servers, network devices act as RA clients, and network devices act as TPMs. including. The NMS/ The OSS needs to perform remote attestation in each process to establish trust chains on a level-by-level basis. Network devices store measurements, such as dynamic measurements and static measurements obtained through measurements, in the TPM's PCR. The network device's remote attestation module sends these measurements to the NMS/OSS acting as the RA server. The NMS/OSS may calculate and obtain the current status of the network device based on the PCR values and measurement logs, and then compare the current status with expected values to determine the reliability of the network device. The high security zone of FIG. 1B may include, for example, the system kernel, trusted zones, or intel software guard extensions (SGX). The terminal in FIG. 1B has a device identity composition engine (DICE).

Network device security is highly dependent on the integrity of the software running on the device. A chain of trust model is commonly used to ensure software integrity. During the boot phase, the next phase is checked before each phase is executed. As shown in FIG. 2, the root of trust (RoT) must be absolutely secure. During the device boot process, the system firmware initializes the entire hardware system and checks the system loader to be executed in the next phase. In other words, a comparison of the hash signatures of the system loaders performed in the next phase is performed. If the system loader's measurements match the system loader's baseline, the system loader is booted up and the system loader checks the system kernel to be executed in the next phase. If the system kernel measurement matches the system kernel baseline, the system kernel is booted up. The above-described checking and booting processes are repeated until all booting processes are completed. Boot includes Secure BOOT and Trusted BOOT.

Secure boot is part (subrule) of the unified extensible firmware interface (UEFI). These two have a relationship between some and all. UEFI is a specification that defines in detail the types of interfaces. The interface type is used by the operating system to automatically load the operating system from the pre-boot operating environment. The extensible firmware interface (EFI) is a recommended specification proposed by Intel® for personal computer (PC) firmware architecture, interfaces and services. The main function of EFI is to provide a consistent and precisely specified set of boot services for all platforms before the operating system (OS) is loaded. . Secure BOOT uses keys to prevent malware intrusion. UEFI specifies that some trusted public keys can be embedded in the mainboard before distribution. Any operating system or hardware driver program that needs to be loaded on this mainboard must then be authenticated with the public key. In other words, software must be signed with the corresponding private key. Otherwise, the mainboard will refuse to load the software. It is impossible for malware to infect BOOT because it cannot be successfully authenticated.

Trusted boot involves the device's TPM recording critical system status of the device during the device system boot process. After the device system boots up, the device sends reports to the remote server for remote attestation and remote authentication. Based on the results of remote attestation and remote authentication, the user determines whether the status of the entire system environment is trustworthy. In some embodiments of the present application, the remote attestation function module of the device sends reports to a remote server for remote attestation and remote authentication. In some embodiments of the present application, a network management system or network controller, according to preconfigured policies or policies obtained in a particular mode, and based on the results of remote attestation and remote authentication, can determine whether the status of is trustworthy. For example, whether a device is allowed access or whether a device is allowed to carry a service according to a preconfigured or retrieved policy and based on the results of remote attestation and remote authentication, It can be determined by a network management system or network controller.

As shown in FIG. 3, both file check boot-up and file measurement boot-up can be performed. If the file check fails, the boot is halted. However, with file measurements, only measurements of the boot process or information related to the boot process are recorded, and file measurements do not interfere with booting. As shown in FIG. 3, when File Check is booted up, the system firmware initializes the entire hardware system and checks the system loader which runs in the next phase. In other words, a comparison of the HASH signatures of the system loaders, which is performed in the next phase, is performed. If the system loader's measurements do not match the system loader's reference values, the system loader's boot is halted. If the system loader's measurements match the system loader's baseline, the system loader is booted up and the system loader checks the system kernel to be executed in the next phase. If the system kernel measurement does not match the system kernel baseline, the system kernel boot is halted. If the system kernel measurement matches the system kernel baseline, the system kernel is booted up. As shown in FIG. 3, the system loader and system kernel are also checked when File Measurement is booted up. However, the check does not interfere with booting the system loader and booting the system kernel, only measurements of the boot process or information related to the boot process are recorded in the TPM.

Further, as shown in FIG. 4, the remote attestation server uses the network to collect security attributes of the network device or node transmitted by the network device or node by using a specific format and interaction process. , it can then securely send the security attributes to a remote attestation server using a challenge-response interaction mechanism and perform verification according to specific policies to finally prove whether the device is trustworthy. In addition, to ensure the security of the device and communications during the entire remote attestation protocol interaction process, to support necessary operations such as verification and viewing of certificates during the protocol interaction process, certificate application and A certificate mechanism, such as revocation, needs to be pre-deployed. A network device or node may be a server, an internet of things (IoT) gateway, or a terminal. Security attributes of network devices or nodes include software and hardware integrity values, configuration information, node status, and the like. A network device or node computes an integrity value from the central processing unit (CPU) & TPM, through the BIOS, GRUB, system kernel (kernel) and finally the application (App) chain of trust and can be recorded.
As shown in FIG. 4, the device layer, communication layer and management layer trusted mobile, remote attestation and end-to-end trusted execution environments can be implemented on terminals, gateways and cloud terminals.

The data collection mode is implemented by using a challenge-response interaction mechanism in the aforementioned remote attestation process. In this mode, the remote attestation server must first send a request to the network device, which then feeds back data such as the network device's security attributes to the remote attestation server. As a result, this data collection mode is neither flexible nor timely, and poses some security risks. In addition, the need for the server to initiate requests causes extra message exchanges and is inefficient.

With this in mind, embodiments of the present application provide data collection methods applied to the remote attestation process. An example is used in the method where data is collected based on the subscription/publish and push mechanism of the network configuration protocol (NETCONF). NETCONF is a network configuration protocol used in network configuration management tools. NETCONF provides mechanisms for installing, querying, reading, writing and deleting network device configuration files. Compared to command-line interface (CLI) and simple network management protocol (SNMP), NETCONF is more flexible and scalable. In addition, NETCONF is based on a remote procedure call (RPC) layer and uses an extensible markup language (XML) data format to implement installation, operation and configuration for network device configuration. Provide a deletion mechanism.

The NETCONF protocol is divided into four layers:

The content layer represents a set of managed objects.

The operations layer defines a set of basic primitive operations used in RPC. These operations constitute the basic functionality of NETCONF.

The RPC layer provides a simple and transport-protocol-independent mechanism for encoding RPC modules.

Communication protocol layer: Unlike SNMP, which uses a connectionless user datagram protocol (UDP) as its transmission protocol, NETCONF is connection-oriented and requires persistent connections between communications. In addition, this connection should provide reliable and continuous data transmission. Currently, secure shell protocol (SSH), transport layer security (TLS) protocol, etc. are supported.

Additionally, in the methods provided in this embodiment of the application, Yang push is used to provide a standard mechanism so that any data described using the YANG model in the system can be subscribed to. can be After the subscription path and subscription mode are specified, if the periodic feedback-based subscription mode is selected, the system will push the specified data to the subscriber after the specified time period expires. If the on change mode (ie, event-triggered feedback-based subscription mode) is selected, the system pushes data to subscribers when the subscribed data changes.

The data collection method provided in this embodiment of the present application is then used as an illustrative example. As shown in FIG. 5, the method includes the following steps.

At step 501, a remote attestation server delivers a subscription configuration to a network device, and the subscription configuration is used to subscribe to information related to remote attestation performed by the network device.

In this application, a subscription mode is used. The remote attestation server delivers subscription configurations to network devices to subscribe to information related to remote attestations performed by the network devices. Optionally, the subscription configuration includes one or more of a data stream subscription configuration and an event subscription configuration. For example, a remote attestation server delivers data stream subscription configurations to network devices to subscribe to information related to data streams for remote attestation performed by the network devices. Alternatively, the remote attestation server delivers event subscription configurations to network devices to subscribe to information related to events for remote attestation performed by the network devices. Alternatively, the remote attestation server uses the data stream subscription configuration and the event subscription configuration to subscribe to information related to data streams and events for remote attestation performed by the network device. Deliver to device. The remote attestation server may or may not deliver the data stream subscription configuration and the event subscription configuration to the network device at the same time. This is not a limitation in this embodiment of the application.

The information associated with the data stream may be various types of information associated with the trust of the network device, including but not limited to each layer of the trust chain recorded when the network device is booted up. software integrity information in a network device, operating system dynamic integrity information recorded when a network device operates, software dynamic integrity information recorded when a network device operates, associated with a network device identification certificate and remote attestation certificate associated with the network device.

Events include, but are not limited to, one or more of device boot, device upgrade, specific mode attack event, master/slave switch, board insert/remove/switch and certificate life cycle event. include. A board switch event includes an event that performs a switch of the board on which the service is located. The types of data streams and types of events to which remote attestation servers subscribe may be determined based on application scenarios. This is not a limitation in this embodiment of the application.

Optionally, the subscription configuration may further include a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back subscription information, the subscription mode is a periodic feedback-based subscription mode and event-triggered feedback-based subscription modes. Optionally, different types of information correspond to different subscription modes. For example, for some critical security data streams, an event-triggered feedback-based subscription mode may be configured such that when the subscribed data changes, the network device reports the changed data remotely. Immediate feedback to the attestation server. For generic security data streams, a periodic feedback-based subscription mode may be configured such that after a period of time expires, the network device feeds back the subscribed data to the remote attestation server. Of course, the subscription mode could alternatively be determined by using another policy. For example, the subscription mode is determined based on application scenarios. This is not a limitation in this embodiment of the application.

Optionally, a subscription configuration may further include a filter configuration. Filter configurations are used to filter information related to data streams or events. It should be appreciated that while data stream subscriptions and event subscriptions are information subscriptions in relatively broad terms, filters can be understood as limiting conditions. Specifically, more detailed information is selected from a relatively broad range of information, so that the data collected is more targeted.

In an optional implementation of this embodiment of the application, a remote attestation server is configured to deliver subscription configurations to network devices regardless of what content is configured for subscriptions in the subscription configurations. The mode of delivering the subscription configuration to the network device includes, but is not limited to, the mode of establishing a network configuration protocol session with the network device, and the mode of delivering the subscription configuration to the network device based on the network configuration protocol session. Contains one or more of the modes.

Optionally, in the methods provided in this embodiment of the application, the time validity of the subscription configuration can be further bounded by the time validity of the network configuration protocol session. After the subscription configuration has been delivered based on the network configuration protocol session, dynamic subscriptions may be implemented based on the network configuration protocol session. In other words, if the network configuration protocol session is valid, the subscription may continue based on the subscription configuration. Once the network configuration protocol session is disconnected, the subscription configuration is no longer valid and the subscription cannot be continued based on the subscription configuration so that network device status can be dynamically monitored. . In this mode, corresponding dynamic subscription RPCs can be defined to reduce redundant information exchange.

Of course, the time validity of the subscription configuration cannot be bound by the time validity of the network configuration protocol session. After delivering the subscription configuration based on the network configuration protocol session, the configuration subscription is implemented independent of the network configuration protocol session. In other words, whether or not the network configuration protocol session is disconnected, the subscription can still continue based on the subscription configuration and the status of the network device can be constantly monitored.

Whether the time validity of the subscription configuration is bound by the time validity of the network configuration protocol session may be determined based on the type of data collected. For example, for some critical security data, the time validity of the subscription configuration may not be bound by the time validity of the network configuration protocol session, and monitoring is always performed in on-change mode. In the case of generic security data, the time validity of the subscription configuration may be bounded by the time validity of the network configuration protocol session in order to read the relevant information periodically during the boot process of the NETCONF session.

At step 502, a network device receives a subscription configuration delivered by a remote attestation server.

Optionally, if the network device has established a network configuration protocol session with a remote attestation server, after the remote attestation server delivers the subscription configuration based on the network configuration protocol session, the network device establishes a network configuration protocol Receives a subscription configuration delivered by a remote attestation server based on the session.

At step 503, the network device feeds back subscription information to the remote attestation server based on the subscription configuration.

After receiving the subscription configuration delivered by the remote attestation server, the network device may obtain subscription information that needs to be fed back to the remote attestation server based on the subscription configuration.

Optionally, if the subscription configuration includes a data stream subscription configuration, feeding back the subscription information to the remote attestation server based on the subscription configuration comprises: based on the data stream subscription configuration, the network device software integrity information at each layer of the trust chain recorded when the network device is booted up; dynamic integrity information of the operating system recorded as the network device operates; feedback to the remote server one or more of: dynamic integrity information of the software; identification credentials associated with the network device; and remote attestation credentials associated with the network device. The type of subscription information that is fed back may be determined based on the subscription requirements in the subscription configuration. For example, if the subscription configuration requires the network device to subscribe to software integrity information at each layer of the chain of trust that is recorded when the network device is booted up, the network device , feeds back to the remote attestation server software integrity information at each layer of the chain of trust that is recorded when the network device is booted up.

Optionally, if the subscription configuration includes an event subscription configuration, feeding back the subscription information to the remote attestation server based on the event subscription configuration includes: device boot event, device Feeding back to the remote server information related to one or more of the triggered events: upgrade events, specific mode attack events, master/slave switching events, board insertion/removal/switching events, and certificate lifecycle events. Including stages. The type of subscription information that is fed back may be determined based on the subscription requirements in the subscription configuration. For example, if the subscription configuration requires subscribing to information related to device booting, after the network device is booted up, the network device receives the The information obtained later is fed back to the remote attestation server as subscription information.

Optionally, the subscription configuration may further include a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back subscription information, the subscription mode is a periodic feedback-based subscription mode , an event-triggered feedback-based subscription mode, or a combination of periodic and event-triggered feedback-based subscription modes. Optionally, different types of information correspond to different modes of feeding back subscription information. The network device feeds back subscription information to the remote attestation server based on subscription modes included in the subscription configuration. A particular subscription mode used to feed back subscription information may be determined based on the subscription requirements in the subscription configuration. For example, if the subscription mode required by the subscription configuration is a periodic feedback-based subscription mode, the network device feeds back the obtained subscription information to the remote attestation server after the period expires.

if the subscription configuration further includes a filter configuration, after collecting information related to the data streams and events subscribed to in the subscription configuration, the network device filters the collected information based on the filter configuration; Next, get the subscription information that satisfies the subscription requirements.

At step 504, a remote attestation server receives subscription information fed back by a network device based on a subscription configuration.

After receiving the subscription information fed back by the network device, the remote attestation server may complete data collection and perform remote attestation based on the subscription information. For example, verification is performed according to certain policies to conclusively prove whether a network device is trustworthy. In this manner, a remote attestation can dynamically monitor the security attributes of network devices to prevent them from being tampered with, replaced, copied, or the like.

In this embodiment of the application, the remote attestation server delivers the subscription configuration to the network device, and the network device may automatically feed back the subscription information based on the subscription configuration, resulting in remote attestation. Security risks are reduced due to more flexible and timely data collection modes at stations. In addition, data collection efficiency is improved by reducing redundant message exchanges as the remote attestation server does not have to deliver the subscription configuration multiple times.

Additionally, the method provided in this embodiment of the application further includes the remote attestation server delivering the data processing parameters to the network device. A network device receives data processing parameters delivered by a remote attestation server. Based on this, the subscription information fed back by the network device to the remote attestation server is the information obtained after processing is performed based on the data processing parameters. In this mode, the remote attestation server sends data processing parameters such as nonce, hash signature algorithm and designated TPM name in advance to the network device for later use.

For example, to obtain the TPM's PCR value, the data processing parameters include a nonce, a PCR-list array, a signature algorithm identifier for the completion message, and a public-key-identifier that can be used. The contents of each parameter are as follows.

The Nonce is different each time. The nonce value, expressed as a time number, is recorded by using a time stamp, or the nonce value, expressed as a specific number, is incremented each time. Remote attestation servers and network devices may determine the time validity and non-repetition of received messages based on the Nonce. In addition to using nonce to verify time-validity and non-repeatingness of messages, in some embodiments of the present application, remote attestation servers also use seeds and continuously computed hash algorithm identifiers. The network device and the remote attestation server collectively confirm the time validity and non-repeatedness of the received remote attestation messages by synchronously performing operations. Alternatively, a time-based unidirectional attestation (RATS TUDA) mechanism can be used to implement functionality similar to that of Nonce. The RATS TUDA mechanism is essentially a one-way remote attestation protocol. Specifically, the attester (network device) unidirectionally sends the attestor's integrity evidence to the verifier (remote attestation server), which completes the verification function. The RATS TUDA mechanism mainly introduces a trusted third party, the trusted time stamp authority (TSA). The verifier verifies the time validity of the received remote attestation message using the attester's timestamp information carried in the received remote attestation message and the time stamp token (TST) provided by the TSA. and non-repeatability are determined collectively.

The PCR-list array contains multiple pieces of PCR information. The PCR information consists of a PCR register number and, for example, a digital signature algorithm (DSA), an elliptic curve digital signature algorithm (ECDSA) or an Edwards-curve digital signature algorithm (ECDSA). algorithm, specific signature algorithms used for PCR information, such as EDDSA).

The completion message signature algorithm includes DSA, ECDSA, EDDSA, or the like. In this embodiment of the application, the parameter is an optional group of signature algorithms. The attester may independently randomly select a signature algorithm and indicate the selected signature algorithm in the returned message.

A public-key-identifier that may be used specifies the public/private key pair used for signing and verification. In this embodiment of the application, the parameter is an optional group of public key numbers. The attester may independently randomly select a public key and specify the selected public key in the returned message.

A target TPM name/number is a group of TPM names. The attester may make decisions according to several policies, such as (1) selecting TPMs for collection, (2) sending TPMs with varying PCR values, (3) checking the PCR values of all TPMs are sent in a particular order.

In another example, if the verifier needs to retrieve the PCR values of the stored management log (SML) stored in attester (network device), the data processing parameters sent include the node name and , SML logging selection mode, log type and PCR-list array. The contents of each parameter are as follows.

Node Name: In this embodiment of the application, the parameter is a group of node names. After the verifier delivers the node name to the attester, the attester may make decisions according to some policy. For example, (1) attester selects nodes for collection, (2) sends nodes whose SML log files change, and (3) sends all/updated SML values for each node in a particular order. Send.

The SML logging selection modes are as follows. A log record is selected after the last one is retrieved, a log record is retrieved according to a specified number, or a log record is retrieved according to a specified time. After the Verifier delivers the SML's log selection mode to the attester, the attester may independently randomly select the selection mode and specify the selected mode in the returned message.

The log type is BIOS or integrity measurement architecture (IMA).

The PCR-list array contains multiple pieces of PCR information. The PCR information includes the PCR register number and the specific signature algorithm used for the PCR information, eg DSA, ECDSA or EDDSA.

The foregoing two examples of data processing parameters are merely exemplary embodiments of the methods provided in this embodiment of the application, and data processing parameters of different types or with other content may be applied to different application scenarios. It should be understood that further distribution may be made based on This is not a limitation in this embodiment of the application. Regardless of what type of data processing parameters are used, after obtaining the relevant information used for remote attestation, the network device processes the obtained information based on the data processing parameters, and then processes the The information obtained can be fed back to the remote attestation server. For example, the retrieved information is encrypted based on an encryption algorithm within the data processing parameters.

In conclusion, in the present embodiment of the present application, in NETCONF pub/sub and push mechanisms, widely-used scenarios exist within existing fixed networks, flexibility, high efficiency, advance notification and time availability, etc. The benefits of the mechanism are inherited. In addition, a device-side event-triggered remote attestation mechanism is implemented by proactive feedback of subscription information by network devices. Additionally, the nonce is random and synchronous so that the information can be used in the interaction mechanisms provided in this embodiment of the application.

For ease of understanding, the following two examples are used for illustration.

(1) For events subscribed in configuration subscription mode.

1. For example, subscription configurations include data stream subscription configurations, event subscription configurations, filter subscription configurations and subscription modes, and remote attestation servers also deliver data processing parameters. The contents are as follows.

The content of the datastream subscription configuration is
data stream: pcr-trust-evidence,
bios-log-trust-evidence, and
ima-log-trust-evidence
including.

The content of the event subscription configuration is
event name: 1001, and
Event Type: Includes Device boot completed.

The data processing parameters for the data stream are
Type of remote attestation: tpm2-attestation-challenge
pcr library: aaa,
pcr-indices: 6,
hash algorithm ID: 14, nonce-value: 0x564ac291,
signature-identifier-type: TPM_ALG-ID: 2,
Key-id: public-key 0x784a22bf
including.

The filter subscription configuration is
the yang model of the vendor's device: xxx-vendor-device, and
Device ID of device: 030DLA106C0522221111
including.

subscription mode
Periodic feedback: periodic,
subscription duration: 500, and
Security data stream pushed: 1001 (same as device boot event ID in event subscription configuration)
including.

Based on the previous subscription configuration, the configuration information is as follows.

A yang data model is defined, subscription data stream types and subscription event types are described, and configuration subscriptions are implemented. FIG. 6 shows the tree structure of the related configuration subscription data model. An example tree structure is written based on IETF RFC8340.

For the lower layer transmission protocol NETCONF, the remote attestation server is the NETCONF client and the network device is the NETCONF server. As shown in FIG. 7, a NETCONF client (remote attestation server) first establishes a netconf session with a NETCONF server (network device) and uses the yang data model to create an associated remote attestation subscription configuration. to the NETCONF server. The NETCONF server periodically sends notification (notification) to periodically push relevant data, ie subscription information, to the NETCONF client. Configuration subscriptions are independent of netconf sessions. After a session is down (session is down), the configuration subscription still exists and the NETCONF server still periodically sends notifications to the NETCONF client.

2. For example, subscription configurations include data stream subscription configurations, event subscription configurations, filter subscription configurations and subscription modes, and remote attestation servers also deliver data processing parameters. The contents are as follows.

The contents of the datastream subscription configuration are datastreams: pcr-trust-evidence (PCR-trust-evidence), bios-log-trust-evidence (BIOS-log-trust-evidence), and ima-log-trust-evidence evidence (IMA-log-trust-evidence)
including.

The content of the event subscription configuration is
event name: 1002, and
Event type: includes master/slave switching.

The data processing parameters for the data stream are
Type of remote attestation: log-retrieval,
log-selector configuration: node-name is aaa,
node-physical-index: 77,
index-type: selected as last-entry-value: 010101,
log-type: bios, pcr library: aaa, pcr-indices: 7,
hash algorithm ID: 14 and log-entry-quantity: 69
including.

The filter subscription configuration is
the yang model of the vendor's device: xxx-vendor-device, and
Device ID of device: xxxx
including.

subscription mode
on-change reporting: on-change,
Security data stream pushed: 1002 (same as master/slave switching event ID)
including.

Based on the previous subscription configuration, the configuration information is as follows.

As shown in Figure 8, the NETCONF client establishes a netconf session with the NETCONF server and uses the yang data model to deliver the associated remote attestation subscription configuration to the NETCONF server. If the subscribed important data changes, the NETCONF server will send a notification to the NETCONF client to push the relevant data, ie the subscription information. A configuration subscription may not depend on a netconf session. After the session is down, the configuration subscription still exists and the NETCONF server still periodically sends notifications to the NETCONF client.

When a subscription event is triggered, the NETCONF server sends a notification of the following format to the NETCONF client. FIG. 9 shows the tree structure of the related dynamic subscription data model. An example tree structure is written based on IETF RFC8340.

(2) For attestation events subscribed in dynamic subscription mode.

1. For example, subscription configurations include data stream subscription configurations, filter subscription configurations and subscription modes. The contents are as follows.

The content of the datastream subscription configuration is
Type of remote attestation: tpm2-attestation-challenge
pcr library: aaa, pcr-indices: 7,
hash algorithm ID: 5,
nonce-value: 0xa45668b1,
signature-identifier-type: TPM_ALG-ID: 2, and
Key-id: public-key 0xad3567c3
including.

The filter subscription configuration is
the yang model of the vendor's device: xxx-vendor-device, and
Device ID of device: xxxx
including.

subscription mode
Periodic reporting: periodic,
subscription duration: 500, and
Security data stream pushed: 1001 (same as device boot event ID)
including.

Based on the previous subscription configuration, the configuration information is as follows.

A yang data model is defined, subscription data stream types and subscription event types are described, and dynamic subscriptions are implemented. FIG. 10 shows the tree structure of the related dynamic subscription data model. An example tree structure is written based on IETF RFC8340.

In a dynamic subscription, when a netconf session starts, the NETCONF client sends a subscription RPC to the NETCONF server. The NETCONF server pushes the subscription information periodically or if there is a netconf session, it pushes the subscription information to the NETCONF client in on-change mode within a period of time. For example, as shown in Figure 11, a NETCONF client establishes a netconf session with a NETCONF server and uses RPC to deliver the associated remote attestation subscription configuration to the NETCONF server. The NETCONF server periodically sends notifications to periodically push relevant data, ie subscription information, to the NETCONF client. Dynamic subscriptions rely on netconf sessions. If the session is down, the subscription disappears.

2. For example, subscription configurations include data stream subscription configurations, filter subscription configurations and subscription modes. The contents are as follows.

The content of the datastream subscription configuration is
Type of remote attestation: log-retrieval,
log-selector configuration: node-name is linecard-2,
node-physical-index: 77,
index-type: selected as last-entry-value: 28,
log-type: bios, pcr library: aaa, pcr-indices: 7,
hash algorithm ID: 5, and
log-entry-quantity: 69
including.

The content of the event subscription configuration is
event name: 1008, and
Event Type: Includes Device Upgrade.

The content of the filter subscription configuration is
the yang model of the vendor's device: xxx-vendor-device, and
Device ID of device: xxxx
including.

subscription mode
on-change reporting: on-change,
Security data stream pushed: 1008 (same as device upgrade event ID)
including.

Based on the previous subscription configuration, the configuration information is as follows.

As shown in Figure 12, the NETCONF client establishes a netconf session with the NETCONF server and uses RPC to deliver the associated remote attestation subscription configuration to the NETCONF server. If the subscribed important data changes, the NETCONF server will send a notification to the NETCONF client to push the relevant data, ie the subscription information. Dynamic subscriptions rely on netconf sessions. If the session is down, the subscription disappears.

When a subscription event is triggered, the NETCONF server sends a notification of the following format to the NETCONF client. FIG. 13 shows the tree structure of the related dynamic subscription data model. An example tree structure is written based on the international standard RFC8340.

In conclusion, in the method provided in this embodiment of the present application, the latest netconf/representative state transfer configuration protocol (RESCONF) pub(publication)/sub(subscription) and push(push) mechanisms are used and the method is widely used in existing fixed networks. If the mechanism is compatible with other protocols and message encoding formats, e.g., RESCONF+JS object notation (JSON)/extensible markup language (XML) and constrained application protocol , CoAP)+concise binary object representation (CBOR). In this way, the mechanism can be easily ported to scenarios such as the web (Internet), IoT and mobile devices. Another protocol's data collection method has the same principle as NETCONF. The details are not described here again.

Based on the same technical concept, the embodiments of the present application further provide a data collection device. The device is used in the remote attestation process.
Referring to Figure 14, the device comprises:
A sending module 141 configured to deliver a subscription configuration to a network device, wherein the subscription configuration is used to subscribe to information related to remote attestation performed by the network device. 141 and
a receiving module 142 configured to receive subscription information fed back by the network device based on the subscription configuration.

Optionally, the sending module 141 is further configured to deliver the data processing parameters to the network device, and the subscription information includes information obtained after processing is performed based on the data processing parameters.

Optionally, the sending module 141 is configured to establish a network configuration protocol session with the network device and deliver the subscription configuration to the network device based on the network configuration protocol session.

Based on the same technical concept, the embodiments of the present application further provide a data collection device. The device is used in the remote attestation process.
Referring to Figure 15, the device comprises:
A receiving module 151 configured to receive a subscription configuration delivered by a remote attestation server, the subscription configuration for subscribing to information related to remote attestation performed by a network device. a receiving module 151 used,
and a sending module 152 configured to feed back subscription information to a remote attestation server based on a subscription configuration.

Optionally, if the subscription configuration includes a data stream subscription configuration, sending module 152 based on the data stream subscription configuration:
software integrity information at each layer of the trust chain recorded when the network device is booted up;
operating system dynamic integrity information recorded as network devices operate;
dynamic software integrity information recorded as network devices operate;
Identity certificates associated with network devices; and
configured to feed back to a remote server one or more of: remote attestation certificate information associated with the network device.

Optionally, if the subscription configuration includes an event subscription configuration, the sending module 152 sends device boot events, device upgrade events, specific mode attack events, master/slave switching events, It is configured to feed back information related to one or more of the triggered events of board insertion/removal/switching events and certificate lifecycle events to a remote server.

Optionally, the subscription configuration further comprises a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back subscription information, the subscription mode is a periodic feedback-based subscription mode and an event including one or a combination of triggered-based subscription modes;
The sending module 152 is configured to feed back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration.

Optionally, the receiving module 151 is further configured to receive data processing parameters delivered by the remote attestation server, and the subscription information fed back by the sending module determines whether the processing is performed based on the data processing parameters. contains information obtained after the

Optionally, the receiving module 151 is configured to establish a network configuration protocol session with a remote attestation server and receive a subscription configuration delivered by the remote attestation server based on the network configuration protocol session. be.

When the device provided above implements the functionality of the device, the division into functional modules described above is only used as an illustrative example. In practical applications, the aforementioned functions may be assigned and implemented by different functional modules based on requirements. That is, the internal structure of the device is divided into different functional modules in order to implement all or some of the previously described functions. In addition, the apparatus and method embodiments provided in the foregoing embodiments relate to the same concept. Please refer to the method embodiments for their specific implementation processes. The details are not described here again.

Based on the same concept, embodiments of the present application further provide a data collection device. Referring to FIG. 16, the device includes memory 161 and processor 162 . Memory 161 stores at least one instruction that is loaded and executed by processor 162 to implement any one of the aforementioned data collection methods provided in the embodiments herein. .

Embodiments of the present application further provide a communication device. Referring to FIG. 17, the device includes transceiver 171 , memory 172 and processor 173 . Transceiver 171, memory 172, and processor 173 communicate with each other through an interconnect channel. Memory 172 is configured to store instructions. Processor 173 is configured to execute instructions stored in memory to control transceiver 171 to receive signals and to control transceiver 171 to transmit signals. Additionally, when processor 173 executes instructions stored in memory 172, processor 173 is enabled to perform any one of the data collection methods described above.

Embodiments of the present application further provide communication systems. The system includes the device shown in FIG. 14 and the device shown in FIG.

A data collection device in this application may be a personal computer (PC), a server or a network device. For example, data collection devices may be routers, switches or servers, or the like.

Based on the same concept, embodiments of the present application further provide a computer-readable storage medium. The storage medium stores at least one instruction, which is loaded and executed by the processor to implement any one of the aforementioned data collection methods provided in the embodiments herein.

Embodiments of the present application further provide a chip that includes a processor. The processor is configured to recall and execute instructions stored in the memory from the memory, such that the communication device to which the chip is attached performs any one of the data collection methods described above.

Embodiments of the present application further provide chips that include an input interface, an output interface, a processor, and a memory. The input interface, output interface, processor and memory are connected through an internal connection channel. The processor is configured to execute code in memory. When the code is executed, the processor is configured to perform any one of the data collection methods described above.

The processor may be a Central Processing Unit (CPU), another general purpose processor, a digital signal processor (DSP) or an application specific integrated circuit (ASIC), field It may be a field-programmable gate array (FPGA) or another programmable logic device, discrete gate or transistor logic device or discrete hardware component, or the like. A general-purpose processor may be such as a microprocessor or any conventional processor. Note that the processor may be a processor supporting advanced RISC machines (ARM) architecture.

Additionally, in optional embodiments, there are one or more processors and one or more memories. Optionally, the memory may be integrated with the processor, or the memory and processor may be separately located. Memory, including read-only memory and random-access memory, may provide instructions and data to the processor. The memory may further include non-volatile random access memory. For example, the memory may also store information about device type.

The memory may be volatile memory or non-volatile memory, and may include both volatile and non-volatile memory. Non-volatile memory includes read-only memory (ROM), programmable read-only memory (ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory ( electrically EPROM, EEPROM) or flash memory. Volatile memory, which can be random access memory (RAM), is used as an external cache. For example, without limitation, many forms of RAM such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM). ), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synclink dynamic random access memory (synchlink DRAM, SLDRAM) and direct Rambus random access memory (direct rambus RAM, DR RAM) is available.

The present application provides a computer program. When the computer program is executed by a computer, the processor or computer may be enabled to perform the corresponding steps and/or procedures in the foregoing method embodiments.

All or some of the above-described embodiments may be implemented using software, hardware, firmware, or any combination thereof. When software is used to implement the embodiments, all or some of the embodiments can be implemented in the form of a computer program product. A computer program product includes one or more computer instructions. The computer program instructions, when loaded and executed on a computer, produce all or some of the procedures or functions in accordance with the present application. The computer may be a general purpose computer, special purpose computer, computer network or another programmable device. The computer instructions may be stored in computer-readable storage media and may be transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, computer instructions may be transferred from one website, computer, server or data center to another website, computer, server or data center by wire (e.g. coaxial cable, fiber optic or digital subscriber line) or wirelessly (e.g. , infrared, radio or microwave) modes. A computer-readable storage medium can be any available medium that can be accessed by the computer or a data storage device such as a server or data center that integrates one or more available media. The usable media may be magnetic media (eg floppy disks, hard disks or magnetic tapes), optical media (eg DVDs) or semiconductor media (eg solid state drives).

The foregoing descriptions are merely embodiments of the present application and are not intended to limit the present application. Any modification, equivalent replacement or improvement made without departing from the principles of the present application shall fall within the protection scope of the present application.
[other possible items]
(Item 1)
A data collection method, said method being applied to a remote attestation process, said method comprising:
delivering a subscription configuration to a network device by a remote attestation server, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device; stages and
and the remote attestation server receiving subscription information fed back by the network device based on the subscription configuration.
(Item 2)
The method of item 1, wherein the subscription configuration comprises one or more of a data stream subscription configuration and an event subscription configuration.
(Item 3)
If said subscription configuration includes said data stream subscription configuration, said subscription information is:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded when the network device operates;
an identity certificate associated with said network device; and
including one or more of the following information: Remote Attestation Certificate associated with said network device;
The method of item 2.
(Item 4)
When said subscription configuration includes said event subscription configuration, said subscription information is device boot, device upgrade, specific mode attack event, master/slave switch, board insert/remove/switch and certificate lifecycle events. 3. The method of item 2, including information related to one or more of the triggered events.
(Item 5)
The subscription configuration further includes a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. 5. The method of any one of items 1-4, comprising one or a combination of formula feedback-based subscription modes.
(Item 6)
6. The method of item 5, wherein different types of information correspond to different subscription modes.
(Item 7)
7. The method of any one of items 1-6, wherein the subscription configuration further comprises a filter configuration, and wherein the subscription information comprises information obtained after filtering is performed based on the filter configuration. .
(Item 8)
The method further comprises delivering data processing parameters to the network device, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters. 8. The method of any one of items 1-7, comprising:
(Item 9)
The above steps of delivering the subscription configuration to the network device are:
establishing a network configuration protocol session with the network device and delivering the subscription configuration to the network device based on the network configuration protocol session;
9. The method of any one of items 1-8.
(Item 10)
A data collection method, said method being applied to a remote attestation process, said method comprising:
a network device receiving a subscription configuration delivered by a remote attestation server, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device; receiving,
said network device feeding back subscription information to said remote attestation server based on said subscription configuration.
(Item 11)
11. The method of item 10, wherein the subscription configuration comprises one or more of a data stream subscription configuration and an event subscription configuration.
(Item 12)
If the subscription configuration includes the data stream subscription configuration, the step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
Based on the data stream subscription configuration above,
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded when the network device operates;
an identity certificate associated with said network device; and
feeding back to said remote server one or more of the following information: remote attestation certificates associated with said network device;
12. The method of item 10 or 11.
(Item 13)
If the subscription configuration includes the event subscription configuration, the step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
Based on the above event subscription configuration, one or more of the following triggered events: device boot, device upgrade, specific mode attack event, master/slave switch, board insert/remove/switch and certificate life cycle event feeding back to said remote server information related to
13. The method of item 11 or 12.
(Item 14)
The subscription configuration further includes a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. including one or a combination of formula feedback-based subscription modes;
The step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
feeding back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration;
14. The method of any one of items 10-13.
(Item 15)
15. The method of item 14, wherein different types of information correspond to different subscription modes.
(Item 16)
16. The method of any one of items 10-15, wherein the subscription configuration further comprises a filter configuration and the subscription information comprises information obtained after filtering is performed based on the filter configuration. .
(Item 17)
The method comprises receiving data processing parameters delivered by the remote attestation server, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters. 17. The method of any one of items 10-16, further comprising receiving.
(Item 18)
The above step of receiving a subscription configuration delivered by a remote attestation server includes:
establishing a network configuration protocol session with the remote attestation server and receiving the subscription configuration delivered by the remote attestation server based on the network configuration protocol session;
18. The method of any one of items 10-17.
(Item 19)
A data collection device, said device being used in a remote attestation process, said device comprising:
A sending module configured to deliver a subscription configuration to a network device, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device. a module;
a receiving module configured to receive subscription information fed back by the network device based on the subscription configuration.
(Item 20)
20. The apparatus of item 19, wherein the subscription configuration includes one or more of a data stream subscription configuration and an event subscription configuration.
(Item 21)
If said subscription configuration includes said data stream subscription configuration, said subscription information is:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded when the network device operates;
an identity certificate associated with said network device; and
including one or more of the following information: Remote Attestation Certificate associated with said network device;
21. Apparatus according to item 20.
(Item 22)
When said subscription configuration includes said event subscription configuration, said subscription information is device boot, device upgrade, specific mode attack event, master/slave switch, board insert/remove/switch and certificate lifecycle events. 21. Apparatus according to item 20, including information related to one or more of the triggered events.
(Item 23)
The subscription configuration further includes a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. 23. Apparatus according to any one of items 19 to 22, including one or a combination of formula feedback-based subscription modes.
(Item 24)
24. The apparatus of item 23, wherein different types of information correspond to different subscription modes.
(Item 25)
25. The apparatus of any one of items 19-24, wherein the subscription configuration further comprises a filter configuration, and wherein the subscription information comprises information obtained after filtering is performed based on the filter configuration. .
(Item 26)
from item 19, wherein the sending module is further configured to deliver data processing parameters to the network device, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters; 26. Apparatus according to any one of Clauses 25.
(Item 27)
27. Any one of items 19 to 26, wherein the sending module is configured to establish a network configuration protocol session with the network device and deliver a subscription configuration to the network device based on the network configuration protocol session. 3. Apparatus according to paragraph.
(Item 28)
A data collection device, said device being used in a remote attestation process, said device comprising:
A receiving module configured to receive a subscription configuration delivered by a remote attestation server, said subscription configuration for subscribing to information related to remote attestation performed by said network device. a receiving module for
a sending module configured to feed back subscription information to said remote attestation server based on said subscription configuration.
(Item 29)
29. The apparatus of item 28, wherein the subscription configuration includes one or more of a data stream subscription configuration and an event subscription configuration.
(Item 30)
If the subscription configuration includes the data stream subscription configuration, the sending module based on the data stream subscription configuration:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded when the network device operates;
an identity certificate associated with said network device; and
configured to feed back to said remote server one or more of the following information: Remote Attestation Certificate associated with said network device;
30. Apparatus according to item 28 or 29.
(Item 31)
If the subscription configuration includes the event subscription configuration, the sending module performs device boot, device upgrade, specific mode attack event, master/slave switching, board insertion/removal/ 31. Apparatus according to item 29 or 30, configured to feed back information related to one or more of triggered events of switching and certificate lifecycle events to said remote server.
(Item 32)
The subscription configuration further includes a subscription mode, wherein the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. including one or a combination of formula feedback-based subscription modes;
the sending module is configured to feed back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration;
32. Apparatus according to any one of items 28-31.
(Item 33)
33. Apparatus according to item 32, wherein different types of information correspond to different subscription modes.
(Item 34)
34. The apparatus of any one of items 28-33, wherein the subscription configuration further comprises a filter configuration, and wherein the subscription information comprises information obtained after filtering is performed based on the filter configuration. .
(Item 35)
The sending module is further configured to receive data processing parameters delivered by the remote attestation server, wherein the subscription information fed back by the sending module indicates that processing is performed based on the data processing parameters. 35. A method according to any one of items 28 to 34, including information obtained after
(Item 36)
Item 28, wherein the sending module is configured to establish a network configuration protocol session with the network device and receive a subscription configuration delivered by the remote attestation server based on the network configuration protocol session. 36. The apparatus of any one of 35.
(Item 37)
10. A data collection device, said device comprising a memory and a processor, said memory storing at least one instruction, said at least one instruction storing data according to any one of items 1 to 9. A data collection device loaded and executed by said processor to implement a collection method or to implement a data collection method according to any one of items 10-18.
(Item 38)
A computer readable storage medium, said storage medium storing at least one instruction, said instruction for implementing the data collection method of any one of items 1 to 9 or 20. A computer readable storage medium loaded and executed by a processor to implement the data gathering method of any one of Clauses 18.
(Item 39)
10. A computer program product, said computer program product comprising computer program code, said computer, when said computer program code is executed, causing said computer to perform a data collection method according to any one of items 1 to 9. or a data collection method according to any one of items 10 to 18.

Claims (40)

A data collection method, said data collection method being applied to a remote attestation process, said data collection method comprising:
delivering a subscription configuration to a network device by a remote attestation server, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device; stages and
the remote attestation server receiving subscription information fed back by the network device based on the subscription configuration;
The subscription configuration includes a subscription mode, the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. Data collection methods including one or a combination of feedback-based subscription modes. 2. The data collection method of claim 1, wherein the subscription configuration further comprises a data stream subscription configuration or an event subscription configuration. If the subscription configuration includes the data stream subscription configuration, the subscription information includes:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded as the network device operates;
an identity certificate associated with the network device; and
remote attestation certificate associated with said network device;
The data collection method according to claim 2. If the subscription configuration includes the event subscription configuration, the subscription information includes device boot events, device upgrade events, specific mode attack events, master/slave switching events, board insertion/removal/switching events and certificate 4. A data collection method according to claim 2 or 3, comprising information relating to one or more of the triggered events called life cycle events. 5. Any one of claims 1 to 4, wherein for critical security data streams said event-triggered feedback based subscription mode is configured and for general purpose security data streams said periodic feedback based subscription mode is configured. Data collection method described in section. 6. The subscription configuration of any one of claims 1-5, wherein the subscription configuration further comprises a filter configuration, and wherein the subscription information comprises information obtained after filtering is performed based on the filter configuration. Data Collection Method. The data collection method comprises delivering data processing parameters to the network device, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters. 7. The data collection method of any one of claims 1-6, further comprising: The step of delivering the subscription configuration to the network device comprises:
establishing a network configuration protocol session with the network device and delivering the subscription configuration to the network device based on the network configuration protocol session;
8. A data collection method according to any one of claims 1-7. A data collection method, said data collection method being applied to a remote attestation process, said data collection method comprising:
a network device receiving a subscription configuration delivered by a remote attestation server, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device; receiving,
said network device feeding back subscription information to said remote attestation server based on said subscription configuration;
The subscription configuration includes a subscription mode, the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. Data collection methods including one or a combination of feedback-based subscription modes. 10. The data collection method of claim 9, wherein the subscription configuration comprises one or more of a data stream subscription configuration and an event subscription configuration. If the subscription configuration includes the data stream subscription configuration, the step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
Based on said data stream subscription configuration,
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded as the network device operates;
an identity certificate associated with the network device; and
feeding back to said remote attestation server one or more of: remote attestation certificates associated with said network devices;
11. A data collection method according to claim 10. If the subscription configuration includes the event subscription configuration, the step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
Based on said event subscription configuration, among the triggered events: device boot event, device upgrade event, specific mode attack event, master/slave switch event, board insert/remove/switch event and certificate lifecycle event feeding back information related to one or more to the remote attestation server;
The data collection method according to claim 10 or 11. The step of feeding back subscription information to the remote attestation server based on the subscription configuration comprises:
feeding back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration;
13. A data collection method according to any one of claims 9-12. 14. The data collection method of claim 13, wherein the event-triggered feedback-based subscription mode is configured for critical security data streams and the periodic feedback-based subscription mode is configured for general security data streams. . 15. A subscription configuration as claimed in any one of claims 9 to 14, wherein the subscription configuration further comprises a filter configuration and the subscription information comprises information obtained after filtering is performed based on the filter configuration. Data Collection Method. The data collection method includes receiving data processing parameters delivered by the remote attestation server, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters. 16. The method of collecting data according to any one of claims 9 to 15, further comprising receiving. The step of receiving a subscription configuration delivered by a remote attestation server comprises:
establishing a network configuration protocol session with the remote attestation server and receiving the subscription configuration delivered by the remote attestation server based on the network configuration protocol session;
17. A data collection method according to any one of claims 9-16. A data collection device, said data collection device being used in a remote attestation process, said data collection device comprising:
A sending module configured to deliver a subscription configuration to a network device, the subscription configuration being used to subscribe to information related to remote attestation performed by the network device. a module;
a receiving module configured to receive subscription information fed back by the network device based on the subscription configuration;
The subscription configuration includes a subscription mode, the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. A data collection device that includes one or a combination of feedback-based subscription modes. 19. The data collection device of Claim 18, wherein the subscription configuration comprises one or more of a data stream subscription configuration and an event subscription configuration. If the subscription configuration includes the data stream subscription configuration, the subscription information includes:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded as the network device operates;
an identity certificate associated with the network device; and
remote attestation certificate associated with said network device;
20. A data collection device according to claim 19. If the subscription configuration includes the event subscription configuration, the subscription information includes device boot events, device upgrade events, specific mode attack events, master/slave switching events, board insertion/removal/switching events and certificate 21. A data collection device according to claim 19 or 20, comprising information relating to one or more of the triggered events of lifecycle events. 22. Any one of claims 19 to 21, wherein for critical security data streams said event-triggered feedback based subscription mode is configured and for general security data streams said periodic feedback based subscription mode is configured. The data collection device according to paragraph. 23. A method as claimed in any one of claims 18 to 22, wherein the subscription configuration further comprises a filter configuration and the subscription information comprises information obtained after filtering is performed based on the filter configuration. data collection device. 19. The sending module is further configured to deliver data processing parameters to the network device, wherein the subscription information includes information obtained after processing is performed based on the data processing parameters. 24. The data collection device according to any one of 23. 25. The sending module is configured to establish a network configuration protocol session with the network device and deliver the subscription configuration to the network device based on the network configuration protocol session. or the data collection device according to claim 1. A data collection device, said data collection device being used in a remote attestation process, said data collection device comprising:
A receiving module configured to receive a subscription configuration delivered by a remote attestation server, said subscription configuration for subscribing to information related to remote attestation performed by a network device. a receiving module used;
a sending module configured to feed back subscription information to the remote attestation server based on the subscription configuration;
The subscription configuration includes a subscription mode, the subscription mode is used to indicate a mode of feeding back the subscription information, the subscription mode includes a periodic feedback-based subscription mode and an event-triggered subscription mode. A data collection device that includes one or a combination of feedback-based subscription modes. 27. The data collection device of Claim 26, wherein the subscription configuration comprises one or more of a data stream subscription configuration and an event subscription configuration. Based on the data stream subscription configuration, if the subscription configuration includes the data stream subscription configuration, the sending module:
software integrity information at each layer of the chain of trust recorded when the network device is booted up;
operating system dynamic integrity information recorded as the network device operates;
software dynamic integrity information recorded as the network device operates;
an identity certificate associated with the network device; and
configured to feed back to said remote attestation server one or more of: remote attestation certificate information associated with said network device;
28. A data collection device according to claim 27. If the subscription configuration includes the event subscription configuration, the sending module performs device boot events, device upgrade events, specific mode attack events, master/slave switch events, board insertion, based on the event subscription configuration. 28. The data collection of claim 27, configured to feed back to said remote attestation server information related to one or more of triggered events of /removal/switching events and certificate lifecycle events. Device. the sending module is configured to feed back the subscription information to the remote attestation server based on the subscription mode included in the subscription configuration;
30. A data collection device according to any one of claims 26-29. 31. The data collection device of claim 30, wherein the event-triggered feedback-based subscription mode is configured for critical security data streams and the periodic feedback-based subscription mode is configured for general security data streams. . 32. A method according to any one of claims 26 to 31, wherein said subscription configuration further comprises a filter configuration, said subscription information comprising information obtained after filtering is performed based on said filter configuration. data collection device. The sending module is further configured to receive data processing parameters delivered by the remote attestation server, wherein the subscription information fed back by the sending module indicates that processing is performed based on the data processing parameters. 33. A data collection device according to any one of claims 26 to 32, comprising information obtained after a 9. The sending module is configured to establish a network configuration protocol session with the network device and receive a subscription configuration delivered by the remote attestation server based on the network configuration protocol session. 34. A data collection device according to any one of clauses 26-33. A data collection device, said data collection device comprising a memory and a processor, said memory storing at least one instruction, said at least one instruction being the A data collection device loaded and executed by said processor to implement the described data collection method. A data collection device, said data collection device comprising a memory and a processor, said memory storing at least one instruction, said at least one instruction being the A data collection device loaded and executed by said processor to implement the described data collection method. A computer-readable storage medium, said computer-readable storage medium storing at least one instruction, said at least one instruction for implementing the data collection method of any one of claims 1 to 8. a computer readable storage medium loaded and executed by a processor ; A computer-readable storage medium, said computer-readable storage medium storing at least one instruction, said at least one instruction for implementing the data collection method of any one of claims 9 to 17 a computer readable storage medium loaded and executed by a processor; A program that causes a computer to execute the data collection method according to any one of claims 1 to 8. A program that causes a computer to execute the data collection method according to any one of claims 9 to 17.

Images